Amendments to the Claims 

The following listing of claims replaces all prior versions and listings of claims in the 
above-referenced application: 

Claims 1-4 (cancelled) 

Claim 5. (currently amended) A method for manipulating , via manipulation equipment residing 
within an access network to the Internet, the transportation of packets between a source network 
and IP based destination network plurality of remote clients on one side of the access network 
and a plurality of corporate intranets on another side of the access network , the method 
comprising the steps of: 

(a) receiving a packet from a source, the received packet being intended for a 
destination intercepting network based tunnel (NBT) packets transferred between a plurality of 
remote clients and a plurality of corporate intranets through a plurality of network based tunnels 
that carry data traffic between a plurality of remote clients and a plurality of corporate intranets, 
wherein at least two of the remote clients are in communication with different corporate 
intranets : 

(b) parsing the received an intercepted NBT packet that was directed toward a destination 
on one side of the access network to identify the received packet as a packet that can be 
manipulated and retrieving an original packet that is encapsulated within the NBT packet : 
(c) parsing the original packet: and 

(d) wherein the original packet is determined to have been targeted toward the 
manipulation equipment: 

(ei) updating a cross-reference table, the cross-reference table enabling containing 

information that is useful for the reconstruction o f reconstruction of a connection to the 
destination an NBT : 

(du) manipulating the received original packet into a manipulated packet by 

sending the received original packet to a-the manipulation medu feequipment ; 

(eiii) reconstructing , via the updated cross-reference table, the NBT connection te- 

the destination for the manipulated packet using the cross reference table from which the NBT 
packet was intercepted : and 
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(fiv) transferring the manipulated packet te -toward the destination over the 

reconstructed NBT connection- ; 

(e) wherein the received packet and the manipulated packet are transferred over network 
based tunnels, wherein the step of updating the cross reference table reconstructing the NBT 
connection further comprises using a source port number of the received packet coming from the 
manipulation module equipment . 

Claim 6. (currently amended) A method for manipulating , via manipulation equipment residing 
within an access network to the Internet, the transportation of packets between a plurality of 
remote clients on one side of the access network and a plurality of corporate intranets on another 
side of the access network source network and IP based destination network , the method 
comprising the steps of: 

(a) intercepting network based tunnel (NBT) packets transferred between a plurality of 
remote clients and a plurality of corporate intranets through a plurality of network based tunnels 
that carry data traffic between a plurality of remote clients and a plurality of corporate intranets, 
wherein at least two of the remote clients are in communication with different corporate 
intranets receiving a packet from a source, the received packet being intended for a destination ; 

(b) parsing an intercepted NBT the rec e iv e d packet that was directed toward a destination 
on one side of the access network to identify the received packet as a packet that can be 
manipulated and retrieving an original packet that is encapsulated within the NBT packet ; 
(c) parsing the original packet; and 

(d) wherein the original packet is determined to have been targeted toward the 

manipulation equipment: 

(ei) updating a cross-reference table, the cross-reference table enabling containing 

information that is useful fort he reconstruction of a connection to the destination an NBT ; 

(du) manipulating the received original packet into a manipulated packet by 

sending the received original packet to a-the manipulation medule equipment ; 

(eiii) reconstructing , via the updated cross-reference table, the NBT connection te- 

the destination for the manipulated packet using the cross reference table from which the NBT 
packet was intercepted ; and 
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(fiv) transferring the manipulated packet te -toward the destination over the 

reconstructed NBT connection- ; 

(e) wherein the received packet and the manipulated packet are transferred over network 

based tunnels, wherein the step of updating the cross-reference table further comprises using the 
IP address of the manipulation module equipment . 

Claim 7. (currently amended) A method for manipulating , via manipulation equipment residing 
within an access network to the Internet, the transportation of packets between a source network 
and IP based destination network plurality of remote clients on one side of the access network 
and a plurality of corporate intranets on another side of the access network , the method 
comprising the steps of: 

(a) intercepting network based tunnel (NBT) packets transferred between a plurality of 
remote clients and a plurality of corporate intranets through a plurality of network based tunnels 
that carry data traffic between a plurality of remote clients and a plurality of corporate intranets, 
wherein at least two of the remote clients are in communication with different corporate 
intranets receiving a packet from a source, the received packet being intended for a destination ; 

(b) parsing the receive d an intercepted NBT packet that was directed toward a destination 
on one side of the access network to identify the received packet as a packet that can be 
manipulated and retrieving an original packet that is encapsulated within the NBT packet ; 
(c) parsing the original packet; and 

(d) wherein the original packet is determined to have been targeted toward the 

manipulation equipment: 

(ei) updating a cross-reference table, the cross-reference table enabling containing 

information that is useful for the-reconstruction of a connection to the destination an NBT ; 

(dii) manipulating the received original packet into a manipulated packet by 

sending the received original packet to a-the manipulation medul eequipment ; 

(eiii) reconstructing , via the updated cross-reference table, the NBT connection te- 

the destination for the manipulated packet using the cross reference table from which the NBT 
packet was intercepted ; and 

(fiv) transferring the manipulated packet te -toward the destination - over the 

reconstructed NBT connection; 
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(e) wherein the received packet and the manipulated packet are transferred over network 
based tunnels, wherein the step of updating the cross-reference table further comprises using the 
IP address of the destination. 

Claim 8. (currently amended) A method for manipulating , via manipulation equipment residing 
within an access network to the Internet, the transportation of packets between a plurality of 
remote clients on one side of the access network and a plurality of corporate intranets on another 
side of the access network source network and IP based destination network , the method 
comprising the steps of: 

(a) intercepting network based tunnel (NBT) packets transferred between a plurality of 
remote clients and a plurality of corporate intranets through a plurality of network based tunnels 
that carry data traffic between a plurality of remote clients and a plurality of corporate intranets, 
wherein at least two of the remote clients are in communication with different corporate 
intranets receiving a packet from a source, the received packet being intended for a destination ; 

(b) parsing the received an intercepted NBT packet that was directed toward a destination 
on one side of the access network to identify the received packet as a packet that can be 
manipulatcd and retrieving an original packet that is encapsulated within the NBT packet ; 
(c) parsing the original packet; and 

(d) wherein the original packet is determined to have been targeted toward the 

manipulation equipment: 




information that is useful for the reconstruction of 



to the de ; 



an NBT ; 



_(dii) manipulating the received original packet into a manipulated packet by 



sending the received original packet to a- the manipulation module equipment ; 

(eiii) reconstructing , via the updated cross-reference table, the NBT connection te- 



the destination for the manipulated packet using the cross reference table from which the NBT 
packet was intercepted ; and 

(fiv) transferring the manipulated packet te -toward the destination - over the 



reconstructed NBT connection; 
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(e) wherein the received packet and the manipulated packet are transferred over network 

based tunnels, wherein the step of updating the cross-reference table further comprises using the 
IP address of the source. 

Claims 9-17. (cancelled) 

Claim 18. (currently amended) A method for manipulating the transportation of original packets 
transported via an access network to the Internet between at least one a plurality of remote clients 
via an access network and at least one a plurality of IP based private data networks, wherein the 
original packets are encapsulated in network based tunnel packets, and wherein the manipulation 
is done at the access network service provider's premises, the method comprising the steps of: 

transferring intercepting , at the access network service provider's premises, the 
transportation between the at least one plurality of remote clients and the at least one plurality of 
IP based prive^ private data network s, wherein at least two of the remote clients are in 
communication with different IP based private data networks via a manipulation system ; 

parsing a received network based tunnel packet to determine if the received network 
based tunnel packet can be manipulatcd its encapsulated original packet is targeted toward a 
manipulation system ; 

forwarding the received network based tunnel packet, as is, towards a destination if the 

toward the manipulation system ; 

if the received network based tunnel encapsulated original packet can be manipulated is_ 
targeted toward the manipulation system, then : 

retrieving the original packet out of the network based tunnel packet; 

updating a cross-reference table with parameters that associate the original packet 
with the received network based tunnel packet, the cross-reference table enabling the 
reconstruction of a manipulated network based tunnel packet that will be transferred to the 
destination after the manipulation of the received original packet; 
transferring the original packet toward the manipulation system; 

manipulating the original received packet into a manipulated original packet ; 
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reconstructing the manipulated network based tunnel packet with the manipulated 
original received packet; and 

transferring the manipulated network based tunnel packet to the destination over 
network based tunnels r i_ 

wherein the step of updating the cross-reference table further comprises using parameters, 
wherein the parameters that are used fer-comprise a source port number of packets coming from 
a -the manipulation module system . 

Claim 19. (currently amended) A method for manipulating the transportation of original packets 
transported via an access network to the Internet between at least one a plurality of remote clients 
via an access network and at least one a plurality of IP based private data networks, wherein the 
original packets are encapsulated in network based tunnel packets, and wherein the manipulation 
is done at the access network service provider's premises, the method comprising the steps of: 

transferring intercepting , at the access network service provider's premises, the 
transportation between the at least one plurality of remote clients and the at least one plurality of 
IP based privet private data network s, wherein at least two of the remote clients are in 
communication with different IP based private data networks via a manipulation system ; 

parsing a received network based tunnel packet to determine if the received network 
based tunnel packet can be manipulated its encapsulated original packet is not targeted toward the 
manipulation system ; 

forwarding the received network based tunnel packet, as is, towards a destination if the 
received network based tunnel encapsulated original packet cannot be manipulated is not targeted 
toward a manipulation system ; 

if the received network based tunnel encapsulated original packet can be manipulated is_ 
targeted toward the manipulation system, then : 

retrieving the original packet out of the network based tunnel packet; 
updating a cross-reference table with parameters that associate the original packet 
with the received network based tunnel packet, the cross-reference table enabling the 
reconstruction of a manipulated network based tunnel packet that will be transferred to the 
destination after the manipulation of the received original packet; 
transferring the original packet toward the manipulation system; 
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manipulating the original received packet into a manipulated original packet ; 

reconstructing the manipulated network based tunnel packet with the manipulated 
original received packet; and 

transferring the manipulated network based tunnel packet to the destination over 
network based tunnels r ]_ 

wherein the step of updating the cross-reference table further comprises using parameters, 
wherein the parameters that are used for updating the cross-reference table comprise the IP 
address of a- the manipulation module system . 

Claim 20. (currently amended) A method for manipulating the transportation of original packets 
transported via an access network to the Internet between at least one a plurality of remote clients 
via an access network and at least one a plurality of IP based private data networks, wherein the 
original packets are encapsulated in network based tunnel packets, and wherein the manipulation 
is done at the access network service provider's premises, the method comprising the steps of: 

transferring intercepting , at the access network service provider's premises, the 
transportation between the at least one plurality remote clients and the at least one plurality of IP 
based p#ve^ private data network s, wherein at least two of the remote clients are in 
communication with different IP based private data networks via a manipulation system ; 

parsing a received network based tunnel packet to determine if the received network 
based tunnel packet can be manipulated its encapsulated original packet is targeted toward a 
manipulation system ; 

forwarding the received network based tunnel packet, as is, towards a destination if the 
received network based tunnel encapsulated original packet cannot be manipulated is not targeted 
toward the manipulation system ; 

if the received network based tunnel encapsulated original packet can be manipulated is_ 
targeted toward the manipulation system, then : 

retrieving the original packet out of the network based tunnel packet; 
updating a cross-reference table with parameters that associate the original packet 
with the received network based tunnel packet, the cross-reference table enabling the 
reconstruction of a manipulated network based tunnel packet that will be transferred to the 
destination after the manipulation of the received original packet; 
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transferring the original packet toward the manipulation system; 

manipulating the original received packet into a manipulated original packet ; 

reconstructing the manipulated network based tunnel packet with the manipulated 
original received packet; and 

transferring the manipulated network based tunnel packet to the destination over 
network based tunnels r i_ 

wherein the step of updating the cross-reference table further comprises using parameters, 
wherein the parameters that are used for updating the cross-reference table further comprise the 
IP address of the at least one of the plurality of IP based private data networks. 

Claim 21. (currently amended) A method for manipulating the transportation of original packets 
transported via an access network to the Internet between at least one a plurality of remote clients 
via an access network and at least one a plurality of IP based private data networks, wherein the 
original packets are encapsulated in network based tunnel packets, and wherein the manipulation 
is done at the access network service provider's premises, the method comprising the steps of: 

transferring intercepting , at the access network service provider's premises, the 
transportation between the at least one plurality of remote clients and the at least one plurality of 
IP based privet- private data network s, wherein at least two of the remote clients are in 
communication with different IP based private data networks via a manipulation system ; 

parsing a received network based tunnel packet to determine if the received network 
based tunnel packet can be manipulated its encapsulated original packet is targeted toward a 
manipulation system ; 

forwarding the received network based tunnel packet, as is, towards a destination if the 
received network based tunnel encapsulated original packet cannot be manipulated is not targeted 
toward the manipulation system ; 

if the received network based tunnel encapsulated original packet can be manipulated is. 
targeted toward the manipulation system, then : 

retrieving the original packet out of the network based tunnel packet; 
updating a cross-reference table with parameters that associate the original packet 
with the received network based tunnel packet, the cross-reference table enabling the 
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reconstruction of a manipulated network based tunnel packet that will be transferred to the 
destination after the manipulation of the received original packet; 
transferring the original packet toward the manipulation system; 

manipulating the original received packet into a manipulated original packet ; 

reconstructing the manipulated network based tunnel packet with the manipulated 
original received packet; and 

transferring the manipulated network based tunnel packet to the destination over 
network based tunnels r ]_ 

wherein the step of updating the cross-reference table further comprises using parameters, 
wherein the parameters that are used for updating the cross-reference table further comprise the 
IP address of the at least one of the plurality of remote clients. 

Claims 22-26. (cancelled) 

Claim 27. (currently amended) A system for manipulating the transportation of original packets 
transported between at least one a plurality of remote clients via an access network and at least 
enea plurality of IP based private data networks, wherein the original packets are encapsulated in 
network based tunnel packets, and wherein the system is at the access network service provider's 
premises, the system comprising: 

an access gateway interface module that interfaces between the plurality of remote clients 
and the access network for receiving network based tunnel packets from, and sending network 
based tunnel packets toward the at least one remote client via an access gateway ; 

a border gateway interface module that interfaces between the access network and f-er- 
receiving network based tunnel packets from, and sending network based tunnel packets toward 
the at least one plurality of IP based private data networks via a border gateway ; 

a manipulation module for manipulating the original packets that are encapsulated in the 
network based tunnel packets; 

a manipulation equipment interface module, interfacing to the access gateway interface 
module and the border gateway interface module and the manipulation module and that is- 
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wherein the manipulation equipment interface being further operable to manipulate parse 
areceived network based tunnel packet^ by retrieving retrieve an original packet, sending 
determine whether the retrieved original packet is targeted toward the manipulation system and, 
if the retrieved original packet is determined to have been targeted toward the manipulation 
system, send the retrieved original packet to the manipulation module, receiving receive a 
manipulated packet that is the result of the manipulation of the original packet, reconstructing 
reconstruct the network based tunnel packet by installing the manipulated original packet, and 
forwarding forward the reconstructed network based tunnel packet to either the access gateway 
interface or the border gateway interface, 

wherein the access gateway interface module maintains a table of all destinations the 
plurality of IP based private data networks that are users of the manipulation equipment. 

Claim 28 (new) The method of claim 5, wherein determining whether an original packet is 
targeted toward the manipulation system is based on the destination address of the original 
packet. 

Claim 29 (new) The method of claim 6, wherein determining whether an original packet is 
targeted toward the manipulation system is based on the destination address of the original 
packet. 

Claim 30 (new) The method of claim 7, wherein determining whether an original packet is 
targeted toward the manipulation system is based on the destination address of the original 
packet. 

Claim 31 (new) The method of claim 8, wherein determining whether an original packet is 
targeted toward the manipulation system is based on the destination address of the original 
packet. 

Claim 32 (new) The method of claim 18, wherein determining whether an original packet is 
targeted toward the manipulation system is based on the destination address of the original 
packet. 
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Claim 33 (new) The method of claim 19, wherein determining whether an original packet is 
targeted toward the manipulation system is based on the destination address of the original 
packet. 

Claim 34 (new) The method of claim 20, wherein determining whether an original packet is 
targeted toward the manipulation system is based on the destination address of the original 
packet. 

Claim 35 (new) The method of claim 21, wherein determining whether an original packet is 
targeted toward the manipulation system is based on the destination address of the original 
packet. 
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